There are a host of recommended cybersecurity measures that can be grouped into four main groups:
- Designing the system with security recommendations in mind.
- Ensuring critical data is protected.
- Educating staff and the general public.
- Preparedness for possible incidents.
Clearly, there is no fully secure system in cyberspace. However, the probability of a cyber attack is much higher than a physical attack, and their level will only increase over time. That said, human error and insider threats remain the most frequent causes of successful cyberattacks. Personnel with access to important information use social networks, cloud technologies and portable storage devices (USB cards, external storage devices). Therefore, the main challenge is to increase cyber hygiene awareness of these personnel.
Thus, one of the most important factors determining the success of a national strategy is how much of a place the public will have in these issues. As mentioned above, cybersecurity issues should be of interest not only to government and business, but also to society as a whole. Therefore, it is necessary to understand that educational programs conducted for this purpose should not be aimed only at information security specialists, but should cover the broadest strata of the population. After all, many employees who have access to confidential information use personal computers and information storage devices. These same computers may also be used by other members of their families. So it is not difficult to imagine the risks that can be faced in the absence of basic knowledge of information security. As an example, the practice used in the U.S. to raise awareness among citizens can be cited:
National Cybersecurity Month (NCSAM). Since 2001, October has been National Cybersecurity Month in the United States. The Cybersecurity Month initiative is supported by the Department of Homeland Security (NSF). The month includes a series of events across the country to encourage vigilant use of cyberspace under the slogan “Our Shared Responsibility.
Data Privacy Day. On January 28 every year, Data Privacy Day is held with top government officials. The campaign includes a number of events and training sessions throughout the U.S., Canada, Europe and several other countries to draw attention to the importance of protecting personal information.
In conclusion, we would like to provide a list of strategic priorities that should be reflected in a national cyber security strategy:
Threat Awareness: Enhancing detection, analysis, mitigation and response to complex threats against the state, critical infrastructures and other vital systems.
Cyber Hygiene: Educational programs for the general citizenry that provide the necessary information resources and tools for personal online protection.
Government-business partnerships: working with business to advocate for secure and resilient infrastructure, networks, products and services.
Government Infrastructure: Modeling best practices for securing government systems, including systems that support on-line transactions of government services for citizens.
International Engagement: Promoting a secure, resilient and trusted global electronic environment that supports national interests. Law and Regulations: supporting an effective legislative framework and law enforcement system to prosecute cybercriminals.
Knowledge, expertise and innovation: Support the development of a workforce deeply specialized in cybersecurity, with access to cutting-edge research and development in the field to support in-house development and innovation.